Warning: Permanently added '10.128.1.72' (ED25519) to the list of known hosts. 2026/06/06 02:19:59 parsed 1 programs Setting up swapspace version 1, size = 127995904 bytes [ 114.733315][ T4788] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 117.530453][ T4828] chnl_net:caif_netlink_parms(): no params data found [ 117.594916][ T4828] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.604299][ T4828] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.612882][ T4828] device bridge_slave_0 entered promiscuous mode [ 117.623487][ T4828] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.630933][ T4828] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.640623][ T4828] device bridge_slave_1 entered promiscuous mode [ 117.672900][ T4828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 117.686162][ T4828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 117.720906][ T4828] team0: Port device team_slave_0 added [ 117.729665][ T4828] team0: Port device team_slave_1 added [ 117.757717][ T4828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 117.766270][ T4828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.793599][ T4828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 117.806299][ T4828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 117.814641][ T4828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.842615][ T4828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 117.882638][ T4828] device hsr_slave_0 entered promiscuous mode [ 117.890004][ T4828] device hsr_slave_1 entered promiscuous mode [ 118.709680][ T4828] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 118.719889][ T4828] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 118.730350][ T4828] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 118.740831][ T4828] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 118.814379][ T4828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 118.831644][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 118.842226][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 118.853587][ T4828] 8021q: adding VLAN 0 to HW filter on device team0 [ 118.866166][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 118.875976][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 118.887004][ T1438] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.894355][ T1438] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.914224][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 118.924861][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 118.934666][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 118.945619][ T1438] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.952897][ T1438] bridge0: port 2(bridge_slave_1) entered forwarding state [ 118.963665][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 118.973072][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 119.019929][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 119.030267][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 119.050112][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 119.060846][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 119.070437][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 119.082556][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 119.092026][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 119.101541][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 119.110504][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 119.122538][ T4828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 119.325887][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 119.335460][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 119.349838][ T4828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.394946][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 119.404487][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 119.423839][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 119.434344][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 119.446266][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 119.454469][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 119.466500][ T4828] device veth0_vlan entered promiscuous mode [ 119.523614][ T4828] device veth1_vlan entered promiscuous mode [ 119.550196][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 119.560540][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 119.571379][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 119.580857][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 119.592521][ T4828] device veth0_macvtap entered promiscuous mode [ 119.625771][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 119.637322][ T4828] device veth1_macvtap entered promiscuous mode [ 119.667752][ T4828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 119.677301][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 119.694822][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 119.707600][ T4828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 119.718887][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 119.727770][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 119.755222][ T4828] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.768316][ T4828] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.777071][ T4828] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.788299][ T4828] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.780106][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.787988][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.817238][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 120.851791][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.860394][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.869113][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2026/06/06 02:20:11 executed programs: 0 [ 122.401200][ T157] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.617238][ T4999] chnl_net:caif_netlink_parms(): no params data found [ 122.682961][ T4999] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.690226][ T4999] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.698896][ T4999] device bridge_slave_0 entered promiscuous mode [ 122.707463][ T4999] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.715234][ T4999] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.724912][ T4999] device bridge_slave_1 entered promiscuous mode [ 122.754018][ T4999] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 122.765651][ T4999] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 122.797302][ T4999] team0: Port device team_slave_0 added [ 122.807956][ T4999] team0: Port device team_slave_1 added [ 122.833351][ T4999] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 122.840587][ T4999] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.866940][ T4999] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 122.880563][ T4999] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 122.887551][ T4999] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.916641][ T4999] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 122.965835][ T4999] device hsr_slave_0 entered promiscuous mode [ 122.976676][ T4999] device hsr_slave_1 entered promiscuous mode [ 122.985897][ T4999] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 122.996656][ T4999] Cannot create hsr debugfs directory [ 124.559075][ T4873] Bluetooth: hci0: command 0x0409 tx timeout [ 125.265692][ T157] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.354607][ T157] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.410575][ T157] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.227240][ T4999] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 126.238695][ T4999] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 126.249296][ T4999] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 126.276287][ T4999] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 126.423122][ T4999] 8021q: adding VLAN 0 to HW filter on device bond0 [ 126.441016][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 126.454035][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 126.466493][ T4999] 8021q: adding VLAN 0 to HW filter on device team0 [ 126.497603][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 126.506681][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 126.517077][ T1438] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.524275][ T1438] bridge0: port 1(bridge_slave_0) entered forwarding state [ 126.573992][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 126.584349][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 126.597425][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 126.606987][ T1438] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.614173][ T1438] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.626634][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 126.636375][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 126.638573][ T4217] Bluetooth: hci0: command 0x041b tx timeout [ 126.650827][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 126.661546][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 126.695032][ T4999] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 126.710556][ T4999] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 126.724890][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 126.736742][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 126.746887][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 126.759550][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 126.769250][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 126.777858][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 126.786898][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 126.795771][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 126.898416][ T157] device hsr_slave_0 left promiscuous mode [ 126.904810][ T157] device hsr_slave_1 left promiscuous mode [ 126.917527][ T157] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 126.929468][ T157] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 126.937439][ T157] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 126.948942][ T157] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 126.956921][ T157] device bridge_slave_1 left promiscuous mode [ 126.964614][ T157] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.975434][ T157] device bridge_slave_0 left promiscuous mode [ 126.983277][ T157] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.995611][ T157] device veth1_macvtap left promiscuous mode [ 127.001846][ T157] device veth0_macvtap left promiscuous mode [ 127.008011][ T157] device veth1_vlan left promiscuous mode [ 127.013919][ T157] device veth0_vlan left promiscuous mode [ 127.192274][ T157] team0 (unregistering): Port device team_slave_1 removed [ 127.209613][ T157] team0 (unregistering): Port device team_slave_0 removed [ 127.223235][ T157] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 127.240868][ T157] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 127.300026][ T157] bond0 (unregistering): Released all slaves [ 127.344576][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 127.352576][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 127.365709][ T4999] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 127.387039][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 127.396359][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 127.421974][ T4999] device veth0_vlan entered promiscuous mode [ 127.432715][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 127.441797][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 127.453771][ T4999] device veth1_vlan entered promiscuous mode [ 127.461488][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 127.470642][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 127.479359][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 127.507774][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 127.517278][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 127.531236][ T4999] device veth0_macvtap entered promiscuous mode [ 127.543345][ T4999] device veth1_macvtap entered promiscuous mode [ 127.563685][ T4999] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 127.572318][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 127.581449][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 127.590260][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 127.600377][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 127.612298][ T4999] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 127.620840][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 127.630297][ T1438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 127.642561][ T4999] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.652699][ T4999] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.661733][ T4999] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.671222][ T4999] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.725315][ T1438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.736431][ T1438] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.744729][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready 2026/06/06 02:20:17 executed programs: 2 [ 127.776869][ T5229] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.785763][ T5229] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.796265][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 128.105310][ T5231] loop0: detected capacity change from 0 to 32768 [ 128.272959][ T5231] [ 128.272959][ T5231] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 128.272959][ T5231] [ 128.327284][ T5231] read_mapping_page failed! [ 128.332566][ T5231] ERROR: (device loop0): txCommit: [ 128.332566][ T5231] [ 128.361413][ T5231] read_mapping_page failed! [ 128.366310][ T5231] ERROR: (device loop0): txCommit: [ 128.366310][ T5231] [ 128.377388][ T5231] ================================================================== [ 128.385807][ T5231] BUG: KASAN: slab-out-of-bounds in dtInsertEntry+0xd74/0x1270 [ 128.393500][ T5231] Read of size 4 at addr ffff88806ea7c04c by task syz.0.17/5231 [ 128.401167][ T5231] [ 128.403543][ T5231] CPU: 0 PID: 5231 Comm: syz.0.17 Not tainted syzkaller #0 [ 128.410776][ T5231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 128.420908][ T5231] Call Trace: [ 128.424220][ T5231] [ 128.427176][ T5231] dump_stack_lvl+0x188/0x250 [ 128.431885][ T5231] ? show_regs_print_info+0x20/0x20 [ 128.437155][ T5231] ? _printk+0xda/0x130 [ 128.441359][ T5231] ? load_image+0x400/0x400 [ 128.445889][ T5231] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 128.451924][ T5231] print_address_description+0x60/0x2d0 [ 128.457599][ T5231] ? dtInsertEntry+0xd74/0x1270 [ 128.462498][ T5231] kasan_report+0xdf/0x130 [ 128.466970][ T5231] ? dtInsertEntry+0xd74/0x1270 [ 128.471870][ T5231] dtInsertEntry+0xd74/0x1270 [ 128.476648][ T5231] dtSplitPage+0x2501/0x3200 [ 128.481349][ T5231] dtInsert+0xff4/0x5830 [ 128.485637][ T5231] ? lockdep_hardirqs_on+0x94/0x140 [ 128.490893][ T5231] ? UniStrupr+0x2e0/0x2e0 [ 128.495513][ T5231] ? do_raw_spin_lock+0x128/0x2f0 [ 128.500567][ T5231] ? __rwlock_init+0x140/0x140 [ 128.505399][ T5231] jfs_create+0x730/0xad0 [ 128.509779][ T5231] ? jfs_lookup+0x420/0x420 [ 128.514317][ T5231] ? jfs_get_parent+0xa0/0xa0 [ 128.519051][ T5231] ? make_kgid+0x660/0x660 [ 128.523502][ T5231] ? generic_permission+0x230/0x510 [ 128.528742][ T5231] ? inode_permission+0xef/0x480 [ 128.533712][ T5231] ? bpf_lsm_inode_create+0x5/0x10 [ 128.538863][ T5231] ? security_inode_create+0xb3/0x100 [ 128.544282][ T5231] ? jfs_lookup+0x420/0x420 [ 128.548819][ T5231] path_openat+0x11db/0x2fa0 [ 128.553478][ T5231] ? do_filp_open+0x410/0x410 [ 128.558201][ T5231] do_filp_open+0x1e2/0x410 [ 128.562834][ T5231] ? vfs_tmpfile+0x300/0x300 [ 128.567525][ T5231] ? _raw_spin_unlock+0x24/0x40 [ 128.572416][ T5231] ? alloc_fd+0x598/0x630 [ 128.576803][ T5231] do_sys_openat2+0x150/0x4b0 [ 128.581517][ T5231] ? __lock_acquire+0x7d10/0x7d10 [ 128.586591][ T5231] ? do_sys_open+0xe0/0xe0 [ 128.591142][ T5231] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 128.597176][ T5231] ? lock_chain_count+0x20/0x20 [ 128.602090][ T5231] ? vtime_user_exit+0x2c8/0x3e0 [ 128.607105][ T5231] __x64_sys_openat+0x135/0x160 [ 128.612019][ T5231] do_syscall_64+0x4c/0xa0 [ 128.616483][ T5231] ? clear_bhb_loop+0x30/0x80 [ 128.621197][ T5231] ? clear_bhb_loop+0x30/0x80 [ 128.625926][ T5231] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 128.631983][ T5231] RIP: 0033:0x7f995140def9 [ 128.636443][ T5231] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 128.656096][ T5231] RSP: 002b:00007f9950a71028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 128.664573][ T5231] RAX: ffffffffffffffda RBX: 00007f9951678fa0 RCX: 00007f995140def9 [ 128.672594][ T5231] RDX: 000000000000275a RSI: 0000200000000080 RDI: ffffffffffffff9c [ 128.680597][ T5231] RBP: 00007f99514a2ee0 R08: 0000000000000000 R09: 0000000000000000 [ 128.688627][ T5231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.696632][ T5231] R13: 00007f9951679038 R14: 00007f9951678fa0 R15: 00007ffe10afe998 [ 128.704698][ T5231] [ 128.707756][ T5231] [ 128.710105][ T5231] Allocated by task 5231: [ 128.714472][ T5231] __kasan_slab_alloc+0x9c/0xd0 [ 128.718404][ T4408] Bluetooth: hci0: command 0x040f tx timeout [ 128.719365][ T5231] slab_post_alloc_hook+0x4c/0x380 [ 128.730500][ T5231] kmem_cache_alloc+0x100/0x290 [ 128.735391][ T5231] jfs_alloc_inode+0x17/0x50 [ 128.740013][ T5231] iget_locked+0x191/0x820 [ 128.744469][ T5231] jfs_iget+0x20/0x3f0 [ 128.748571][ T5231] jfs_lookup+0x21d/0x420 [ 128.752961][ T5231] __lookup_slow+0x29d/0x410 [ 128.757593][ T5231] lookup_slow+0x53/0x70 [ 128.761874][ T5231] walk_component+0x319/0x460 [ 128.766761][ T5231] path_lookupat+0x169/0x440 [ 128.771388][ T5231] filename_lookup+0x214/0x540 [ 128.776189][ T5231] user_path_at_empty+0x40/0x190 [ 128.781424][ T5231] __se_sys_chdir+0x98/0x280 [ 128.786240][ T5231] do_syscall_64+0x4c/0xa0 [ 128.790693][ T5231] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 128.797051][ T5231] [ 128.799395][ T5231] The buggy address belongs to the object at ffff88806ea7b780 [ 128.799395][ T5231] which belongs to the cache jfs_ip of size 2240 [ 128.813233][ T5231] The buggy address is located 12 bytes to the right of [ 128.813233][ T5231] 2240-byte region [ffff88806ea7b780, ffff88806ea7c040) [ 128.827069][ T5231] The buggy address belongs to the page: [ 128.832740][ T5231] page:ffffea0001ba9e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6ea78 [ 128.842921][ T5231] head:ffffea0001ba9e00 order:3 compound_mapcount:0 compound_pincount:0 [ 128.851278][ T5231] memcg:ffff888023f25501 [ 128.855563][ T5231] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 128.863599][ T5231] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88801de95280 [ 128.872229][ T5231] raw: 0000000000000000 00000000800d000d 00000001ffffffff ffff888023f25501 [ 128.880834][ T5231] page dumped because: kasan: bad access detected [ 128.887290][ T5231] page_owner tracks the page as allocated [ 128.893128][ T5231] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 5231, ts 128249087600, free_ts 92114249230 [ 128.915235][ T5231] get_page_from_freelist+0x1bbd/0x1ca0 [ 128.920828][ T5231] __alloc_pages+0x1ee/0x480 [ 128.925458][ T5231] new_slab+0xc0/0x4b0 [ 128.929639][ T5231] ___slab_alloc+0x80a/0xdd0 [ 128.934344][ T5231] kmem_cache_alloc+0x195/0x290 [ 128.939361][ T5231] jfs_alloc_inode+0x17/0x50 [ 128.943996][ T5231] new_inode_pseudo+0x5f/0x210 [ 128.948880][ T5231] new_inode+0x25/0x1c0 [ 128.953058][ T5231] jfs_fill_super+0x398/0xb00 [ 128.957914][ T5231] mount_bdev+0x287/0x3c0 [ 128.962386][ T5231] legacy_get_tree+0xe6/0x180 [ 128.967101][ T5231] vfs_get_tree+0x88/0x270 [ 128.971544][ T5231] do_new_mount+0x24a/0xa40 [ 128.976105][ T5231] __se_sys_mount+0x2e3/0x3d0 [ 128.980984][ T5231] do_syscall_64+0x4c/0xa0 [ 128.985431][ T5231] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 128.991537][ T5231] page last free stack trace: [ 128.996231][ T5231] free_unref_page_prepare+0x637/0x6c0 [ 129.001719][ T5231] free_unref_page+0x8f/0x2a0 [ 129.006422][ T5231] __unfreeze_partials+0x1a5/0x200 [ 129.011554][ T5231] put_cpu_partial+0x12d/0x190 [ 129.016344][ T5231] qlist_free_all+0x35/0x90 [ 129.020872][ T5231] kasan_quarantine_reduce+0x150/0x160 [ 129.026400][ T5231] __kasan_slab_alloc+0x2f/0xd0 [ 129.031285][ T5231] slab_post_alloc_hook+0x4c/0x380 [ 129.036433][ T5231] kmem_cache_alloc_node+0x12d/0x2d0 [ 129.041835][ T5231] __alloc_skb+0xf4/0x750 [ 129.046199][ T5231] devlink_trap_notify+0x2d/0x160 [ 129.051255][ T5231] devlink_trap_unregister+0xf2/0x270 [ 129.056657][ T5231] devlink_traps_unregister+0x1f6/0x230 [ 129.062316][ T5231] nsim_dev_traps_exit+0x64/0x120 [ 129.067367][ T5231] nsim_dev_reload_destroy+0x1bd/0x240 [ 129.072864][ T5231] nsim_dev_reload_down+0xf9/0x160 [ 129.078005][ T5231] [ 129.080357][ T5231] Memory state around the buggy address: [ 129.086012][ T5231] ffff88806ea7bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 129.094095][ T5231] ffff88806ea7bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 129.102191][ T5231] >ffff88806ea7c000: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 129.110383][ T5231] ^ [ 129.116907][ T5231] ffff88806ea7c080: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 129.124999][ T5231] ffff88806ea7c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 129.133085][ T5231] ================================================================== [ 129.141158][ T5231] Disabling lock debugging due to kernel taint [ 129.164685][ T5231] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 129.171939][ T5231] CPU: 0 PID: 5231 Comm: syz.0.17 Tainted: G B syzkaller #0 [ 129.180558][ T5231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 129.190727][ T5231] Call Trace: [ 129.194029][ T5231] [ 129.197062][ T5231] dump_stack_lvl+0x188/0x250 [ 129.201766][ T5231] ? show_regs_print_info+0x20/0x20 [ 129.207094][ T5231] ? load_image+0x400/0x400 [ 129.211659][ T5231] panic+0x2e5/0x810 [ 129.215585][ T5231] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 129.221781][ T5231] ? bpf_jit_dump+0xd0/0xd0 [ 129.226326][ T5231] ? _raw_spin_unlock_irqrestore+0x10d/0x120 [ 129.232331][ T5231] ? _raw_spin_unlock+0x40/0x40 [ 129.237207][ T5231] ? dtInsertEntry+0xd74/0x1270 [ 129.242201][ T5231] check_panic_on_warn+0x80/0xa0 [ 129.247173][ T5231] ? dtInsertEntry+0xd74/0x1270 [ 129.252050][ T5231] end_report+0x6d/0xf0 [ 129.256304][ T5231] kasan_report+0x102/0x130 [ 129.260835][ T5231] ? dtInsertEntry+0xd74/0x1270 [ 129.265841][ T5231] dtInsertEntry+0xd74/0x1270 [ 129.270564][ T5231] dtSplitPage+0x2501/0x3200 [ 129.275224][ T5231] dtInsert+0xff4/0x5830 [ 129.279502][ T5231] ? lockdep_hardirqs_on+0x94/0x140 [ 129.284748][ T5231] ? UniStrupr+0x2e0/0x2e0 [ 129.289193][ T5231] ? do_raw_spin_lock+0x128/0x2f0 [ 129.294246][ T5231] ? __rwlock_init+0x140/0x140 [ 129.299172][ T5231] jfs_create+0x730/0xad0 [ 129.303539][ T5231] ? jfs_lookup+0x420/0x420 [ 129.308089][ T5231] ? jfs_get_parent+0xa0/0xa0 [ 129.312823][ T5231] ? make_kgid+0x660/0x660 [ 129.317559][ T5231] ? generic_permission+0x230/0x510 [ 129.322873][ T5231] ? inode_permission+0xef/0x480 [ 129.327833][ T5231] ? bpf_lsm_inode_create+0x5/0x10 [ 129.332997][ T5231] ? security_inode_create+0xb3/0x100 [ 129.338402][ T5231] ? jfs_lookup+0x420/0x420 [ 129.342935][ T5231] path_openat+0x11db/0x2fa0 [ 129.347778][ T5231] ? do_filp_open+0x410/0x410 [ 129.352484][ T5231] do_filp_open+0x1e2/0x410 [ 129.357019][ T5231] ? vfs_tmpfile+0x300/0x300 [ 129.361734][ T5231] ? _raw_spin_unlock+0x24/0x40 [ 129.366705][ T5231] ? alloc_fd+0x598/0x630 [ 129.371069][ T5231] do_sys_openat2+0x150/0x4b0 [ 129.375779][ T5231] ? __lock_acquire+0x7d10/0x7d10 [ 129.380842][ T5231] ? do_sys_open+0xe0/0xe0 [ 129.385298][ T5231] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 129.391312][ T5231] ? lock_chain_count+0x20/0x20 [ 129.396209][ T5231] ? vtime_user_exit+0x2c8/0x3e0 [ 129.401200][ T5231] __x64_sys_openat+0x135/0x160 [ 129.406089][ T5231] do_syscall_64+0x4c/0xa0 [ 129.410537][ T5231] ? clear_bhb_loop+0x30/0x80 [ 129.415242][ T5231] ? clear_bhb_loop+0x30/0x80 [ 129.419956][ T5231] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 129.425887][ T5231] RIP: 0033:0x7f995140def9 [ 129.430322][ T5231] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 129.450037][ T5231] RSP: 002b:00007f9950a71028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 129.458473][ T5231] RAX: ffffffffffffffda RBX: 00007f9951678fa0 RCX: 00007f995140def9 [ 129.466519][ T5231] RDX: 000000000000275a RSI: 0000200000000080 RDI: ffffffffffffff9c [ 129.474712][ T5231] RBP: 00007f99514a2ee0 R08: 0000000000000000 R09: 0000000000000000 [ 129.483053][ T5231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.491085][ T5231] R13: 00007f9951679038 R14: 00007f9951678fa0 R15: 00007ffe10afe998 [ 129.499267][ T5231] [ 129.502628][ T5231] Kernel Offset: disabled [ 129.506974][ T5231] Rebooting in 86400 seconds..